Showing posts with label Bentley. Show all posts

Saturday, November 4, 2023

Review – Public ICS Disclosure – Week of 10-28-23 – Part 1

This week for Part 1 we have 20 vendor disclosures from ABB, Bentley, Cisco (5), CODESYS, Eurotech, GE Grid, Hitachi (2), Hitachi Energy (2), Insyde (3), and Moxa (3).

Part 2 will include a large number of vendor updates.

Advisories

ABB Advisory - ABB published an advisory that discusses 16 vulnerabilities in their COM600 product.

Bentley Advisory - Bentley published an advisory that discusses an out-of-bounds write vulnerability in their Seequent LeapFrog product.

Cisco Advisory #1 - Cisco published an advisory that describes a policy bypass vulnerability in their Snort 3 detection engine.

Cisco Advisory #2 - Cisco published an advisory that describes an SSL/TLS certificate handling vulnerability in their Snort 3 Detection Engine.

Cisco Advisory #3 - Cisco published an advisory that describes a memory allocation vulnerability in their Snort 3 Detection Engine.

Cisco Advisory #4 - Cisco published an advisory that describes a policy bypass vulnerability in their Snort 3 detection engine.

Cisco Advisory #5 - Cisco published an advisory that describes an IP geolocation bypass vulnerability in their Snort 3 detection engine.

CODESYS Advisory - CODESYS published an advisory that discusses a heap-based buffer overflow vulnerability in a variety of CODESYS V2 and V3 products.

Eurotech Advisory - Eurotech published an advisory that discusses an unquoted search path or element vulnerability in a number of Eurotech products.

GE Grid Advisory - GE published an advisory for a vulnerability in their S1 Agile Engineering Tool Suite.

Hitachi Advisory #1 - Hitachi published an advisory that discusses 21 vulnerabilities in their Disk Array Systems products.

Hitachi Advisory #2 - Hitachi published an advisory that discusses three vulnerabilities in their Cosminexus Developer's Kit for Java and Hitachi Developer's Kit for Java.

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that describes three vulnerabilities in their eSOMS product.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that describes two vulnerabilities in their MACH System software product.

Insyde Advisory #1 - Insyde published an advisory that describes a stack-based buffer overflow vulnerability in their AsfSecureBootDxe.

Insyde Advisory #2 - Insyde published an advisory that describes an SMM memory corruption vulnerability in their CsmInt10HookSmm.

Insyde Advisory #3 - Insyde published an advisory that describes an unsanitized arguments in SMI handler vulnerability in their IhisiServicesSmm.

Moxa Advisory #1 - Moxa published an advisory that describes a classic buffer overflow vulnerability in their EDR-810/G902/G903 Series web server.

Moxa Advisory #2 - Moxa published an advisory that describes the use of a broken or risky cryptographic algorithm vulnerability in their NPort 6000 Series products.

Moxa Advisory #3 - Moxa published an advisory that discusses seven vulnerabilities in their PT-G503 Series products.

 

For more information on these advisories, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-10-e57 - subscription required. 

Thursday, October 20, 2022

Review – 1 Advisory and 2 Updates Published – 10-20-22

Today CISA’s NCCIC-ICS published a control system security advisory for products from Bentley Systems. They also updated two medical device security advisories for products from Braun.

Bentley Advisory - This advisory describes two vulnerabilities in the Bentley MicroStation Connect.

Braun Update #1 - This update provides additional information on an advisory that was originally published on October 22nd, 2020.

Braun Update #2 - This update provides additional information on an advisory that was originally published on October 21st, 2021.

 

For more details about these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-2-updates-published-e54 - subscription required.


Saturday, October 15, 2022

Review – Public ICS Disclosures – Week of 10-8-22 – Part 1

This is a moderately busy Saturday after 2nd Tuesday. For Part 1 this week, we have fifteen vendor disclosures from Aruba, Bentley (3), Eaton, GE Healthcare, Hitachi Energy, HP, Palo Alto Networks, Phoenix Contact, PulseSecure, Softing (2), TandD, and VMware.

Aruba Advisory - Aruba published an advisory describing three vulnerabilities in their EdgeConnect Enterprise Orchestrator.

Bentley Advisory #1 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation And MicroStation-Based Applications.

Bentley Advisory #2 - Bentley published an advisory that describes a stack-based buffer overflow vulnerability in their MicroStation And MicroStation-Based Applications.

Bentley Advisory #3 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-Based Applications.

Eaton Advisory - Eaton published an advisory that describes an unrestricted file upload vulnerability in their Foreseer EPMS.

GE Healthcare Advisory - GE published an advisory that provides guidance on securing serial ports in medical devices.

Hitachi Energy Advisory - Hitachi published an advisory that discusses two vulnerabilities in their MicroSCADA X DMS600 product.

HP Advisory - HP published an advisory that discusses eleven vulnerabilities in their GPU Display Driver.

Palo Alto Networks Advisory - Palo Alto Networks published an advisory that describes an authentication bypass vulnerability in their Pan-OS product.

Phoenix Contact Advisory - CERT-VDE published an advisory that discusses 83 vulnerabilities in the Phoenix Contact PLCnext Control.

PulseSecure Advisory - PulseSecure published an advisory that describes two denial of service vulnerabilities in their Ivanti Connect Secure products.

Softing Advisory #1 - Softing published an advisory that describes a use after free vulnerability in their OPC UA C++ SDK and OPC Suite products.

Softing Advisory #2 - Softing published an advisory that describes an input validation vulnerability in their OPC UA C++ SDK, Secure Integration Server, edgeConnector, edgeAggregator, uaGate and OPC Suite products.

TandD Advisory - TandD published an advisory that describes a denial-of-service vulnerability in their TR4 Series devices.

NOTE: TandD does not call this a ‘vulnerability’; they call it a problem “whereby internal communication between components fails”, which kind of sounds like a ‘denial-of-service’ vulnerability to me.

VMware Advisory - VMware published an advisory that describes an arbitrary file read vulnerability in their VMware vRealize Operations product.

 

For more information on these disclosures, including links to third-party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-10-c00 - subscription required.


Saturday, October 8, 2022

Review – Public ICS Disclosure – Week of 10-1-22

This week we have six vendor disclosures from Bentley (3), Hitachi, strongSwan, and VMware. We also have seven vendor updates from CODESYS. Finally, we have two researcher reports with exploits for products from ZKSecurity.

Bentley Advisory #1 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-based applications.

Bentley Advisory #2 - Bentley published an advisory that describes two vulnerabilities in their MicroStation and MicroStation-based applications.

Bentley Advisory #3 - Bentley published an advisory that describes two vulnerabilities in their MicroStation and MicroStation-based applications.

Hitachi Advisory - Hitachi published an advisory that discusses 39 vulnerabilities in their Disk Array Systems.

StrongSwan Advisory - StrongSwan published an advisory describing a trust chain vulnerability in their strongSwan product.

VMware Advisory - VMware published an advisory that describes two vulnerabilities in their VMware ESXi and vCenter Server products.

CODESYS Update #1 - CODESYS published an update for their CODESYS V3 Visualization advisory that was originally published on June 3rd, 2022.

CODESYS Update #2 - CODESYS published an update for their CODESYS V2 password transport advisory that was originally published on June 9th, 2022 and most recently updated on June 23rd, 2022.

CODESYS Update #3 - CODESYS published an update for their CODESYS OPC DA Server V3 advisory that was originally published on May 19th, 2022 and most recently updated on June 3rd, 2022.

CODESYS Update #4 - CODESYS published an update for their CODESYS communication server advisory that was originally published on May 19th, and most recently updated on June 3rd, 2022.

CODESYS Update #5 - CODESYS published an update for their CODESYS Control V3 configuration file access advisory that was originally published on March 24th, 2022, and most recently updated on June 30th, 2022.

CODESYS Update #6 - CODESYS published an update for their CODESYS Git advisory that was originally published on November 30th, 2021.

CODESYS Update #7 - CODESYS published an update for their CODESYS V2 web server advisory that was originally published on October 25, 2021 and most recently updated on November 8th, 2022.

ZKSecurity Report #1 - Stolabs published a report that describes an SQL injection vulnerability in the ZKSecurity Bio product.

ZKSecurity Report #2 - Caio B published a report that describes an access control vulnerability in the ZKSecurity Bio product.

 

For more details about these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosure-week-of-10-0f6 - subscription required.


Saturday, July 16, 2022

Review – Public ICS Disclosures – Week of 7-9-22 – Part 1

For a 2nd Tuesday weekend there is just a moderate number of disclosures, but I will still need to do two parts to keep these post sizes reasonable. So, for Part 1 this week we have 22 vendor disclosures from ABB, Bentley (7), Broadcom, Flexera, Hitachi Energy (2), Lenze, HP, QNAP, Rockwell Automation, SonicWall, VMware (3), and Western Digital (2).

NOTE: NVD.NIST.gov is now specifically identifying when a CVE is listed in CISA's Known Exploited Vulnerabilities Catalog.

ABB Advisory - ABB published an advisory that describes a path traversal vulnerability in ABB flow computer and remote controller products.

Bentley Advisory #1 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-based applications.

Bentley Advisory #2 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-based applications.

Bentley Advisory #3 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-based applications.

Bentley Advisory #4 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-based applications.

Bentley Advisory #5 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-based applications.

Bentley Advisory #6 - Bentley published an advisory that describes an out-of-bounds read vulnerability in their MicroStation and MicroStation-based applications.

Broadcom Advisory - Broadcom published an advisory that describes a deserialization of untrusted data vulnerability in their com.alibaba:fastjson JSON parser package.

Flexera Advisory - Flexera published an advisory that discusses two recent Microsoft vulnerabilities (CVE-2022-30190 and CVE-2022-30136).

Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that discusses thirteen vulnerabilities (three with known exploits) in their MSM high-voltage switchgear monitoring system.

Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that describes two vulnerabilities in their MSM high-voltage switchgear monitoring system.

Lenze Advisory - CERT-VDE published an advisory that describes a missing critical step in authentication vulnerability in the Lenze machine controller.

HP Advisory - HP published an advisory that discusses the RETbleed vulnerabilities in their Wolf Security software.

QNAP Advisory - QNAP published an advisory that discusses the Checkmate ransomware that appears to be targeting QNAP products with SMB services exposed to the internet.

Rockwell Advisory - Rockwell published an advisory that discusses a Chrome type confusion vulnerability in multiple products.

SonicWall Advisory - SonicWall published an advisory that discusses an OS command injection vulnerability in their products.

VMware Advisory #1 - VMware published an advisory that describes a server-side request forgery vulnerability in their vCenter Server.

VMware Advisory #2 - VMware published an advisory that describes two cross-site scripting vulnerabilities in their vRealize Log Insight product.

VMware Advisory #3 - VMware published an advisory that describes four vulnerabilities in their ESXi and Cloud Foundation products.

Western Digital Advisory #1 - Western Digital published an advisory that discusses three NULL pointer dereference vulnerabilities in their EdgeRover application.

Western Digital Advisory #2 - Western Digital published an advisory that discusses 44 vulnerabilities in their My Cloud Home devices.

 

For more details on these disclosures, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-7-9bc - [7-16-22 10:23 EDT, added link] subscription required.

Saturday, April 9, 2022

Review - Public ICS Disclosures – Week of 4-2-22 – Part 1

A busy week with lots of SpringShell and DirtyPipe disclosures, so there will be two parts this week. In this part we have 24 vendor disclosures from Aruba, Barco, Bentley (8), Braun, Broadcom (3), Carrier, Weidmueller, WAGO, CODESYS (6), and FANUC.

Aruba Advisory - Aruba published an advisory discussing the SpringShell vulnerabilities.

Barco Advisory - Barco published an advisory discussing the DirtyPipe vulnerability.

Bentley Advisory #1 - Bentley published an advisory describing two use after free vulnerabilities in the Bentley MicroStation and MicroStation-based applications.

Bentley Advisory #2 - Bentley published an advisory describing three stack-based buffer overflow vulnerabilities in the Bentley MicroStation and MicroStation-based applications.

Bentley Advisory #3 - Bentley published an advisory describing an out-of-bounds write vulnerability in the Bentley MicroStation and MicroStation-based applications.

Bentley Advisory #4 - Bentley published an advisory describing eleven file parsing vulnerabilities in the Bentley MicroStation and MicroStation-based applications.

Bentley Advisory #5 - Bentley published an advisory describing two out-of-bounds read vulnerabilities in the Bentley MicroStation and MicroStation-based applications.

Bentley Advisory #6 - Bentley published an advisory describing five out-of-bounds vulnerabilities in the Bentley MicroStation and MicroStation-based applications.

Bentley Advisory #7 - Bentley published an advisory describing four out-of-bounds read vulnerabilities in the Bentley MicroStation and MicroStation-based applications.

Bentley Advisory #8 - Bentley published an advisory describing two uninitialized variable vulnerabilities in the Bentley MicroStation and MicroStation-based applications.

Braun Advisory - Braun published an advisory discussing the Infusion Pump Vulnerabilities article by Palo Alto Networks.

Broadcom Advisory #1 - Broadcom published an advisory discussing one of the SpringShell vulnerabilities.

Broadcom Advisory #2 - Broadcom published an advisory describing the other SpringShell vulnerability.

Broadcom Advisory #3 - Broadcom published an advisory discussing an older Spring Framework vulnerability reanimated by the SpringShell vulnerability.

Carrier Advisory - Carrier published an advisory discussing the SpringShell vulnerabilities.

Weidmueller Advisory - CERT-VDE published an advisory discussing nine vulnerabilities in two products using Modbus TCP/RTU Gateways.

WAGO Advisory - CERT-VDE published an advisory discussing the DirtyPipe vulnerability in several WAGO products.

CODESYS Advisory #1 - CODESYS published an advisory describing an exposure of resource to wrong sphere vulnerability in the CODESYS Control V3 products.

CODESYS Advisory #2 - CODESYS published an advisory describing an incorrect permission assignment for a critical resource vulnerability in the CODESYS SysDrv3S.sys driver.

CODESYS Advisory #3 - CODESYS published an advisory describing a small space of random values vulnerability in CODESYS V3 products using the CODESYS communication protocol.

CODESYS Advisory #4 - CODESYS published an advisory describing an incorrect user management vulnerability in the CODESYS Control V3 online user management applications.

CODESYS Advisory #5 - CODESYS published an advisory describing two vulnerabilities in CODESYS V3 products containing a CODESYS communication server.

CODESYS Advisory #6 - CODESYS published an advisory describing a buffer over read vulnerability in the CODESYS V3 web server.

 

For more details on these disclosures, including links to 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/22-part-1 - subscription required.

Sunday, February 6, 2022

Review - Public ICS Disclosures – Week of 1-29-22 – Part 2

For Part 2 we have four more vendor disclosures from QNAP, TI, VMware, and Fujitsu. We also have five updates from Boston Scientific, Dell, Hillrom, Johnson Controls, and QNAP. There are also 98 researcher reports for vulnerabilities in products from Gerbv (2), and Bentley (96). Finally, we have three exploit reports for products from Moxa (2), and WAGO.

QNAP Advisory - QNAP published an advisory discussing the Deadbolt Ransomware attacks.

TI Advisory - TI published an advisory discussing physical security attacks on ‘silicon devices.’

VMware Advisory - VMware published an advisory describing an information disclosure vulnerability in their VMware Cloud Foundation.

Fujitsu Advisory - Fujitsu published an advisory discussing 15 vulnerabilities in Insyde® Firmware.

Boston Scientific Update - Boston Scientific published an update for their Log4Shell advisory.

Dell Update - Dell published an update for their generic Log4Shell advisory.

Hillrom Update - Hillrom published an update for their Log4Shell advisory.

Johnson Controls Update - Johnson Controls published an update for their Log4Shell advisory.

QNAP Update - QNAP published an update for their QTS and QuTS hero advisory that was originally published on January 13th, 2021 and most recently updated on January 25th, 2022.

Gerbv Reports - Talos published two reports of vulnerabilities in the Gerbv RS-274X viewer.

Bentley Reports - The Zero Day Initiative published 96 reports (ZDI-22-149 thru ZDI-22-243) about vulnerabilities in the Bentley MicroStation and MicroStation-based applications.

Moxa Exploit #1 - Matthew Bergin published an exploit for a firmware upgrade vulnerability in the Moxa TN-5900.

Moxa Exploit #2 - Matthew Bergin published an exploit for a command injection vulnerability in the Moxa TN-5900.

WAGO Exploit - Gerhard Hechenberger published an exploit for an improper handling of exceptional conditions vulnerability in the WAGO 750-8xxx PLC.

NOTE: This was reported as a third-party (CODESYS) vulnerability, so this exploit may work (with or without modification?) on other vendor products.

 

For more details on these disclosures, including links to 3rd party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-d73 - subscription required.
